Palo Alto NGFWs a success story waiting for you
October 09, 2019
Score 9 out of 10
Vetted Review
Verified User
Software Version
PA-5200 Series
Overall Satisfaction with Palo Alto Networks Next-Generation Firewalls - PA Series
As with any organization, our org needed to replace existing infrastructure. At the time we were strictly a Cisco shop top down, but we were open to other bids as well. After a demo, we purchased Palo Alto 5220-based firewalls, with the intent to use them as the central point of authority for all network traffic for our campus. The Palo Alto (PA) firewall is used as the gateway device for all traffic within our organization.
- The PA handles VPN connectivity without missing a beat. We have multiple VPN tunnels in use for redundancy to cloud-based services.
- The PA has great functionality in supporting failover internet connections, again with the ability to have multiple paths out to our cloud-based services.
- The PA is updated on the regular with various security updates; we are not concerned with the firewall's ability to see what packets are really flowing across the network. Being able to see beyond just IP and port requests lets you know things are locked down better than traditional firewalls.
- It is a great overall kit, with URL filtering and other services that fill in the gaps between other solutions without breaking the bank.
- Documentation that is available for solutions from Palo Alto is great. If you find yourself in a situation where something has not been previously documented or implemented, you will have to find out solutions yourself.
- The ability to use the API for push/pull information with the firewall was a major selling point. However, some items a person would expect to be readily available through the API do not exist, so either you have to go without or do an extensive amount of work to put together, sort, and clean the data from multiple sources (I am looking at you, DHCP logs).
- Prior to the purchase of Palo Alto NGFW firewalls, we used various other technologies along with our prior firewalls. After the purchase of the PA5220s, we were able to sunset these other technologies. Retired tech, along with a single pane of glass, provides us with more resources to move forward with in other areas. Positive impact for our organization with the purchase of our PA-5220s.
We previously used Cisco 5585 ASAs with Firepower. We wanted a more holistic solution than what the Cisco ASA was providing for us. In this situation, we needed to have consistency in how rules were applied across multiple types of traffic, while also knowing what kind of traffic was being sent. The inspection capabilities alone sold us on the Palo Alto, and we have reaped significant other benefits as well.
Do you think Palo Alto Networks Next-Generation Firewalls - PA Series delivers good value for the price?
Yes
Are you happy with Palo Alto Networks Next-Generation Firewalls - PA Series's feature set?
Yes
Did Palo Alto Networks Next-Generation Firewalls - PA Series live up to sales and marketing promises?
Yes
Did implementation of Palo Alto Networks Next-Generation Firewalls - PA Series go as expected?
Yes
Would you buy Palo Alto Networks Next-Generation Firewalls - PA Series again?
Yes
Using Palo Alto Networks Next-Generation Firewalls - PA Series
2100 - All business functions for a university flow through the PA5220, along with student traffic. Any and every business system and application is passing through the firewall. All types of Internet traffic as well, including general Internet traffic, IaaS, SaaS, and other cloud-based systems are moving without issue across the PA5220 firewalls deployed.
2 - For the Palo Alto PA5220 deployment, we have one main administrator and another authorized user supporting the hardware and configuration changes. We have multiple log writes going out via syslog into a SIEM tool for the better overall management of all alert types, which is also administrated by one of these individuals. The firewall is very capable; your administrators need to be as well.
- Inspection
- Internet Gateway
- VPN
- Direct Connect (BGP)
- Security Rules
- Active/Active internet connection failovers
- BGP routing for AWS Direct Connect with VPN connectivity for redundancy
- Always looking to increase usage of the available API for more automated task creation/closing